Chief Information Security and Privacy Officer

Graebel Companies, Inc.
$250,000 - $300,000

About The Position

We are seeking a visionary and business-aligned Chief Information Security Officer (CISO) to serve as a key member of the Graebel and IT leadership team. The CISO will provide the strategic roadmap and executive leadership for a world-class Enterprise Security Program that enables business innovation while aggressively mitigating risk. This role directs the end-to-end planning, implementation, and governance of a resilient information security strategy. The CISO architects a culture of security that protects our global reputation, digital assets, and competitive advantage. The CISO is the primary authority for enterprise-wide cyber risk evaluations, regulatory compliance alignment, and security incident management. Part of our Graebel Senior Leadership Team and reporting to the CIO, with direct advisory access to the Executive Committee and Board, this leader must be an expert communicator capable of translating complex technical threats into financial and operational impact for all levels of leadership throughout the organization.

Responsibilities

  • Strategic Leadership: Oversight of Enterprise Information and cyber security policy, strategy, and execution driving a risk-based resilience model.
  • Executive Influence: Interfaces with senior leadership and the Board of Directors to ensure information security is quantified in financial and business impact terms and aligned with strategic priorities.
  • Stakeholder Communication: Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders, serving as a primary advocate for digital trust.
  • Talent Cultivation: Supervise recruitment, development, retention, engagement, and organization of security staff, fostering a high-performance culture of continuous learning.
  • Environment Management: Oversight of core security and infrastructure systems, managed security providers, and the security posture of the end-to-end supply chain.
  • Policy & Governance: Develop, implement, maintain, and oversee enforcement of IT policies, procedures, and associated plans for system security administration and user system access based on Zero Trust architecture and industry-standard frameworks (e.g., NIST, ISO).
  • Incident Orchestration: Accountable for security operations, incident oversight, identification, and response, focusing on rapid recovery and business continuity.
  • Revenue Enablement & Customer Trust: Partner with Sales and Product teams to serve as an executive-level security advocate during the sales cycle; directly engage with key customers and prospects to articulate the company’s security posture and build the "Digital Trust" necessary to accelerate contract closures.
  • Cross-Functional Collaboration: Collaborate with the wider IT department and business unit leaders on embedding security-by-design into enterprise and end-user processing technology.
  • Cultural Transformation: Create a culture of cyber security awareness both within the IT organization and across the business, driving measurable behavioral change; proactively evaluate security trends, emerging AI-driven threats, and vulnerabilities to mitigate risk.
  • Awareness & Advocacy: Oversees, develops, and delivers dynamic, role-specific security awareness training. Initiates, facilitates, and promotes activities to foster a shared responsibility model within the organization and related entities.
  • Strategic Partnerships: Promote and oversee strategic security relationships between internal resources and external entities, including suppliers, partner organizations, and industry peer groups.
  • Third-Party Risk Management (TPRM): Participates in the development, implementation, and ongoing compliance monitoring of all business associate, client, and supplier agreements to ensure that security concerns, requirements, and responsibilities are rigorously addressed, both legally and technically.
  • Market Intelligence: Remain informed on cyber risk trends and issues; advise, counsel, and educate executive and management teams on their potential impact to brand equity and shareholder value.
  • Privacy & Compliance Integration: Works closely with Data Privacy leadership to ensure alignment between security and Global Data Privacy programs (e.g., GDPR, CCPA) including policies, practices, and investigations; acts as a strategic liaison to the Compliance and Legal departments.
  • Risk Quantification: Responsible for periodic information security risk assessment, analysis, mitigation, and remediation utilizing data-driven risk modeling. Responsible for development and implementation of an integrated security enterprise risk management plan.
  • Executive Communication: Communicates with excellent written and verbal skills, able to operate at both a visionary strategic level and a high-impact operational level.